CVE-2018-11455

8.8 HIGH

Key Information:

Vendor: Siemens
CVE Published: 7 August 2018

Summary

A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required.

Affected Version(s)

Automation License Manager 5: All versions < 5.3.4.4

Automation License Manager 6: All versions < 6.0.1

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
